--- a/Symbian3/PDK/Source/GUID-CC8EA664-FF2E-40FB-BC1C-89FB1255A9C9.dita Thu Mar 11 15:24:26 2010 +0000
+++ b/Symbian3/PDK/Source/GUID-CC8EA664-FF2E-40FB-BC1C-89FB1255A9C9.dita Thu Mar 11 18:02:22 2010 +0000
@@ -1,67 +1,66 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
-<!-- This component and the accompanying materials are made available under the terms of the License
-"Eclipse Public License v1.0" which accompanies this distribution,
-and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
-<!-- Initial Contributors:
- Nokia Corporation - initial contribution.
-Contributors:
--->
-<!DOCTYPE concept
- PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
-<concept id="GUID-CC8EA664-FF2E-40FB-BC1C-89FB1255A9C9" xml:lang="en"><title>General
-protection principles</title><prolog><metadata><keywords/></metadata></prolog><conbody>
-<p>Paying attention to the general protection principles below increases
-security in mobile software.</p>
-<section id="GUID-221C271B-4E13-4666-803C-6BCB7BDD8C1E"><title>Prevention</title>
-<p><i>Prevention</i> is the key component in security threat management.
-Over the past few years, the approach to security has shifted from <i>reactive</i> to <i>proactive</i>,
-meaning that prevention is increasingly important. However, the reactive component
-is still necessary because security levels degrade over time due to information
-corruption, new attack methods and viruses, etc.</p>
-<p>By intercepting security breaches before they even happen you can create
-potentially safe applications and systems. However, even the most secure solutions
-may have weaknesses, so you should never place your trust in only one method.</p>
-</section>
-<section id="GUID-78A8158D-1F67-46BE-91AD-8227200B46D6"><title>Control</title>
-<p>If a security incident is about to happen, it is still possible to minimize
-and isolate damage with <i>control of events</i> and strong <i>internal borders</i>.
-By dividing the system or software into sufficiently small units, it is easier
-to control and manage security features. Division also helps to isolate infections
-within a single unit.</p>
-<p>Another useful control feature is the <i>minimum rights principle</i>,
-wherein each unit is given only the minimum rights to complete its tasks.
-Controls can be imposed by <i>authenticating</i> and <i>authoring</i> all
-traffic between units, and by limiting access rights of unidentified parties.
-These techniques can be applied from a single software component to an entire
-business system.</p>
-<p>From Symbian OS v9.1 onwards, <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/guide/platsecsdk/index.html" format="application/java-archive">platform security</xref> implements
-control of events inside the operating system and creates borders for different
-security areas (for example, by means of <xref href="GUID-ACDED56F-38FE-491D-B019-BE2C53A75D28.dita">data
-caging</xref> and server protection). Platform security also implements the
-minimum rights principle.</p>
-<p>Additionally, there are <xref href="GUID-9058F379-C495-4B22-B270-FF6A80E450B8.dita#GUID-9058F379-C495-4B22-B270-FF6A80E450B8/GUID-9058F379-C495-4B22-B270-FF6A80E450B9">third-party
-security applications</xref> such as <i>antivirus software</i>, <i>firewalls,</i> and <i>intrusion
-detection systems</i> that provide good protection against hostile attacks
-when combined with strict <i>policies</i>.</p>
-</section>
-<section id="GUID-13186350-A3DC-4793-8D7A-7832086083AD"><title>Testing and validation</title>
-<p>Even the strongest security systems may have vulnerabilities which are
-not apparent until the application or product is in use. Software complexity
-and combinations of different technologies are known to increase the chance
-of software flaws. Software usually functions properly even when it is not
-secure. This is why extensive <i>testing and validation</i> are needed during
-development. The purpose of security testing is to find errors and flaws that
-may jeopardize the security and integrity of information stored in the mobile
-device.</p>
-<p>Traditional testing validates software against specifications, but security
-testing studies behavior and possible side effects in different environments.
-For example, <i>white hat hacking</i> attempts to identify vulnerabilities
-before malicious (black hat) hackers do. Common areas for security testing
-include user interfaces, information storage, communications, and the software's
-internal security (for example, algorithms, robustness, recovery).</p>
-<p>To have a complete evaluation of security features and risks, it is
-important to perform a full security analysis for every published version
-of an application.</p>
-</section>
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
+<!-- This component and the accompanying materials are made available under the terms of the License
+"Eclipse Public License v1.0" which accompanies this distribution,
+and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
+<!-- Initial Contributors:
+ Nokia Corporation - initial contribution.
+Contributors:
+-->
+<!DOCTYPE concept
+ PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
+<concept id="GUID-CC8EA664-FF2E-40FB-BC1C-89FB1255A9C9" xml:lang="en"><title>General
+protection principles</title><prolog><metadata><keywords/></metadata></prolog><conbody>
+<p>Paying attention to the general protection principles below increases
+security in mobile software.</p>
+<section id="GUID-221C271B-4E13-4666-803C-6BCB7BDD8C1E"><title>Prevention</title>
+<p><i>Prevention</i> is the key component in security threat management.
+Over the past few years, the approach to security has shifted from <i>reactive</i> to <i>proactive</i>,
+meaning that prevention is increasingly important. However, the reactive component
+is still necessary because security levels degrade over time due to information
+corruption, new attack methods and viruses, etc.</p>
+<p>By intercepting security breaches before they even happen you can create
+potentially safe applications and systems. However, even the most secure solutions
+may have weaknesses, so you should never place your trust in only one method.</p>
+</section>
+<section id="GUID-78A8158D-1F67-46BE-91AD-8227200B46D6"><title>Control</title>
+<p>If a security incident is about to happen, it is still possible to minimize
+and isolate damage with <i>control of events</i> and strong <i>internal borders</i>.
+By dividing the system or software into sufficiently small units, it is easier
+to control and manage security features. Division also helps to isolate infections
+within a single unit.</p>
+<p>Another useful control feature is the <i>minimum rights principle</i>,
+wherein each unit is given only the minimum rights to complete its tasks.
+Controls can be imposed by <i>authenticating</i> and <i>authoring</i> all
+traffic between units, and by limiting access rights of unidentified parties.
+These techniques can be applied from a single software component to an entire
+business system.</p>
+<p>From Symbian OS v9.1 onwards, <xref href="GUID-4BFEDD79-9502-526A-BA7B-97550A6F0601.dita">platform
+security</xref> implements control of events inside the operating system and
+creates borders for different security areas (for example, by means of <xref href="GUID-ACDED56F-38FE-491D-B019-BE2C53A75D28.dita">data caging</xref> and server
+protection). Platform security also implements the minimum rights principle.</p>
+<p>Additionally, there are <xref href="GUID-9058F379-C495-4B22-B270-FF6A80E450B8.dita#GUID-9058F379-C495-4B22-B270-FF6A80E450B8/GUID-9058F379-C495-4B22-B270-FF6A80E450B9">third-party
+security applications</xref> such as <i>antivirus software</i>, <i>firewalls,</i> and <i>intrusion
+detection systems</i> that provide good protection against hostile attacks
+when combined with strict <i>policies</i>.</p>
+</section>
+<section id="GUID-13186350-A3DC-4793-8D7A-7832086083AD"><title>Testing and validation</title>
+<p>Even the strongest security systems may have vulnerabilities which are
+not apparent until the application or product is in use. Software complexity
+and combinations of different technologies are known to increase the chance
+of software flaws. Software usually functions properly even when it is not
+secure. This is why extensive <i>testing and validation</i> are needed during
+development. The purpose of security testing is to find errors and flaws that
+may jeopardize the security and integrity of information stored in the mobile
+device.</p>
+<p>Traditional testing validates software against specifications, but security
+testing studies behavior and possible side effects in different environments.
+For example, <i>white hat hacking</i> attempts to identify vulnerabilities
+before malicious (black hat) hackers do. Common areas for security testing
+include user interfaces, information storage, communications, and the software's
+internal security (for example, algorithms, robustness, recovery).</p>
+<p>To have a complete evaluation of security features and risks, it is
+important to perform a full security analysis for every published version
+of an application.</p>
+</section>
</conbody></concept>
\ No newline at end of file
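Review bot: In the Control section's minimum rights paragraph, the added line "Controls can be imposed by <i>authenticating</i> and <i>authoring</i> all" carries over "authoring" unchanged from the removed text. In an access-control context this reads like a slip for "authorizing", and since the paragraph is being rewritten anyway it would be worth confirming and correcting here. Separately, the only visible content change is the platform security xref, which moves from the jar: URL with format="application/java-archive" to GUID-4BFEDD79-9502-526A-BA7B-97550A6F0601.dita. Every other removed line reappears with the same text, so the whole-file rewrite looks like line-ending or whitespace churn. Consider splitting that normalization into its own commit so the link change is reviewable on its own. The italic span "<i>firewalls,</i>" still includes the trailing comma, and the file still ends without a newline.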